Cause
Secure Site Pro/Managed PKI for SSL Premium SSL Intermediate CA Certificate expired on October 24, 2011

Resolution
If you have a Secure Site Pro or Premium SSL certificate that was issued before October 10th, 2010, then the certificate might be chaining to the following Intermediate CA that expired on October 24, 2011:

1 Answer

You don't renew intermediate (chained) certificates; Verisign handles these certificates as they belong to them. It sounds very much like you got a new certificate which was signed by a different intermediate certificate from your previous cert. Your server needs this intermediate certificate to show clients the full chain.

More detail: The clients have a list of certificates which they already trust, the root CAs. Verisign is probably in that list already. Verisign, for various reasons, does not use its Root CA Certificate to directly sign your Server Certificates. It uses an Intermediate Certificate. Clients do not know about this Intermediate Certificate. When clients connect to your Server, your server provides both its Server Certificate and the Intermediate Certificate. The client looks this over and sees that it trusts Verisign, which trusts the Intermediate, and the Intermediate trusts your Server Cert; so all is good.

Except your server is missing the new Intermediate Certificates. So the client contacts your Server, and only sees the Server Certificate. Since the client cannot find a chain of trust from the Verisign Root Certificate to the Server Certificate, the connection fails. To resolve this you need to install the Intermediate Certificate on your Server. The process for this is different for the major servers out there:

For Apache 1.x: you need to edit httpd.conf. Find the Directive SSLCertificateChainFile and point it to the Intermediate Certificate provided by Verisign. It's common for CAs to provide a "Cert Bundle", "Chain Bundle", "Chain Certificate", or "Intermediate Certificate" (they're all the same thing for your purposes).

Side note: Apache 1.x is really ancient software and should be deprecated.... Apache 2.x is available.
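
The chain-of-trust failure described in the answer above can be reproduced offline. This is an added example, not part of the original answer: it assumes the `openssl` command-line tool is installed, and every name in it (the demo CAs, `www.example.test`, the file names) is made up. It builds a throwaway root, intermediate and server certificate, verifies the server certificate the way a client would with and without the intermediate, and checks how long the intermediate remains valid.

```shell
#!/bin/sh
# Constructed demo: throwaway root -> intermediate -> server chain.
# CNs and file names are made up for this example.

new_csr() {  # new_csr <dir> <name> <CN>: fresh RSA key plus CSR
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

build_chain() {  # build_chain <dir>: writes root.pem, int.pem, srv.pem
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  new_csr "$d" root "Demo Root CA" &&
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 30 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null &&
  new_csr "$d" int "Demo Intermediate CA" &&
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -days 30 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null &&
  new_csr "$d" srv "www.example.test" &&
  openssl x509 -req -in "$d/srv.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -set_serial 3 -days 30 -out "$d/srv.pem" 2>/dev/null
}

# chain_ok <trusted root> <server cert> [bundle the server sends]
# Succeeds only if the client can link the server cert to the trusted root.
chain_ok() {
  if [ -n "$3" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>/dev/null | grep -q ': OK$'
  else
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
  fi
}

# valid_for <cert> <seconds>: succeeds if the cert is still valid that far ahead.
valid_for() {
  openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

demo() {
  t=$(mktemp -d) || return 1
  build_chain "$t" || { rm -rf "$t"; return 1; }
  chain_ok "$t/root.pem" "$t/srv.pem" && echo "leaf only: OK" || echo "leaf only: FAIL"
  chain_ok "$t/root.pem" "$t/srv.pem" "$t/int.pem" && echo "with intermediate: OK" \
    || echo "with intermediate: FAIL"
  valid_for "$t/int.pem" 86400 && echo "intermediate valid for 24h more"
  rm -rf "$t"
}
demo
```

Against a real deployment, the same `chain_ok` and `valid_for` checks apply to the CA's root, the issued server certificate, and the chain bundle the server is configured to send.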